From e4d3983a4b6d8aa1ab6d9cea3248936b43032475 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Fri, 14 Oct 1994 17:29:10 +0000 Subject: [PATCH] Move the various flavors of cryptosystem support -- raw des, des-md5, des-crc to the top level crypto library. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4512 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/des-crc.c | 181 ++++++++++++++++++++++++++++++++++++++ src/lib/crypto/des-md5.c | 182 +++++++++++++++++++++++++++++++++++++++ src/lib/crypto/raw-des.c | 115 +++++++++++++++++++++++++ 3 files changed, 478 insertions(+) create mode 100644 src/lib/crypto/des-crc.c create mode 100644 src/lib/crypto/des-md5.c create mode 100644 src/lib/crypto/raw-des.c diff --git a/src/lib/crypto/des-crc.c b/src/lib/crypto/des-crc.c new file mode 100644 index 000000000..5b8a47589 --- /dev/null +++ b/src/lib/crypto/des-crc.c @@ -0,0 +1,181 @@ +/* + * lib/crypto/des-crc.32 + * + * Copyright 1994 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +#include +#include +#include +#include + +#include "./des/des_int.h" + +static krb5_error_code mit_des_crc_encrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); + +static krb5_error_code mit_des_crc_decrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); + + +static krb5_cryptosystem_entry mit_des_crc_cryptosystem_entry = { + 0, + mit_des_crc_encrypt_func, + mit_des_crc_decrypt_func, + mit_des_process_key, + mit_des_finish_key, + mit_des_string_to_key, + mit_des_init_random_key, + mit_des_finish_random_key, + mit_des_random_key, + sizeof(mit_des_cblock), + CRC32_CKSUM_LENGTH+sizeof(mit_des_cblock), + sizeof(mit_des_cblock), + ETYPE_DES_CBC_CRC, + KEYTYPE_DES + }; + +krb5_cs_table_entry krb5_des_crc_cst_entry = { + 0, + &mit_des_crc_cryptosystem_entry, + 0 + }; + + +static krb5_error_code + mit_des_crc_encrypt_func(DECLARG(krb5_const_pointer, in), + DECLARG(krb5_pointer, out), + DECLARG(const size_t, size), + DECLARG(krb5_encrypt_block *, key), + DECLARG(krb5_pointer, ivec)) +OLDDECLARG(krb5_const_pointer, in) +OLDDECLARG(krb5_pointer, out) +OLDDECLARG(const size_t, size) +OLDDECLARG(krb5_encrypt_block *, key) +OLDDECLARG(krb5_pointer, ivec) +{ + krb5_checksum cksum; + krb5_octet contents[CRC32_CKSUM_LENGTH]; + int sumsize; + krb5_error_code retval; + +/* if ( size < sizeof(mit_des_cblock) ) + return KRB5_BAD_MSIZE; */ + + /* caller passes data size, and saves room for the padding. */ + /* format of ciphertext, per RFC is: + +-----------+----------+-------------+-----+ + |confounder | check | msg-seq | pad | + +-----------+----------+-------------+-----+ + + our confounder is 8 bytes (one cblock); + our checksum is CRC32_CKSUM_LENGTH + */ + sumsize = krb5_roundup(size+CRC32_CKSUM_LENGTH+sizeof(mit_des_cblock), + sizeof(mit_des_cblock)); + + /* assemble crypto input into the output area, then encrypt in place. */ + + memset((char *)out, 0, sumsize); + + /* put in the confounder */ + if (retval = krb5_random_confounder(sizeof(mit_des_cblock), out)) + return retval; + + memcpy((char *)out+sizeof(mit_des_cblock)+CRC32_CKSUM_LENGTH, (char *)in, + size); + + cksum.contents = contents; + + /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_CRC32,...) + but avoids use of the cryptosystem config table which can not be + referenced here if this object is to be included in a shared library. */ + if (retval = crc32_cksumtable_entry.sum_func((krb5_pointer) out, + sumsize, + (krb5_pointer)key->key->contents, + sizeof(mit_des_cblock), + &cksum)) + return retval; + + memcpy((char *)out+sizeof(mit_des_cblock), (char *)contents, + CRC32_CKSUM_LENGTH); + + /* We depend here on the ability of this DES implementation to + encrypt plaintext to ciphertext in-place. */ + return (mit_des_cbc_encrypt(out, + out, + sumsize, + (struct mit_des_ks_struct *) key->priv, + ivec ? ivec : key->key->contents, + MIT_DES_ENCRYPT)); + +} + +static krb5_error_code + mit_des_crc_decrypt_func(DECLARG(krb5_const_pointer, in), + DECLARG(krb5_pointer, out), + DECLARG(const size_t, size), + DECLARG(krb5_encrypt_block *, key), + DECLARG(krb5_pointer, ivec)) +OLDDECLARG(krb5_const_pointer, in) +OLDDECLARG(krb5_pointer, out) +OLDDECLARG(const size_t, size) +OLDDECLARG(krb5_encrypt_block *, key) +OLDDECLARG(krb5_pointer, ivec) +{ + krb5_checksum cksum; + krb5_octet contents_prd[CRC32_CKSUM_LENGTH]; + krb5_octet contents_get[CRC32_CKSUM_LENGTH]; + char *p; + krb5_error_code retval; + + if ( size < 2*sizeof(mit_des_cblock) ) + return KRB5_BAD_MSIZE; + + retval = mit_des_cbc_encrypt(in, + out, + size, + (struct mit_des_ks_struct *) key->priv, + ivec ? ivec : key->key->contents, + MIT_DES_DECRYPT); + if (retval) + return retval; + + cksum.contents = contents_prd; + p = (char *)out + sizeof(mit_des_cblock); + memcpy((char *)contents_get, p, CRC32_CKSUM_LENGTH); + memset(p, 0, CRC32_CKSUM_LENGTH); + + if (retval = crc32_cksumtable_entry.sum_func(out, size, + (krb5_pointer)key->key->contents, + sizeof(mit_des_cblock), + &cksum)) + return retval; + + if (memcmp((char *)contents_get, (char *)contents_prd, CRC32_CKSUM_LENGTH) ) + return KRB5KRB_AP_ERR_BAD_INTEGRITY; + memmove((char *)out, (char *)out + + sizeof(mit_des_cblock) + CRC32_CKSUM_LENGTH, + size - sizeof(mit_des_cblock) - CRC32_CKSUM_LENGTH); + return 0; +} diff --git a/src/lib/crypto/des-md5.c b/src/lib/crypto/des-md5.c new file mode 100644 index 000000000..def6d379a --- /dev/null +++ b/src/lib/crypto/des-md5.c @@ -0,0 +1,182 @@ +/* + * lib/crypto/des-md5.32 + * + * Copyright 1994 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +#include +#include +#include +#include + +#include "./des/des_int.h" + +static krb5_error_code mit_des_md5_encrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); + +static krb5_error_code mit_des_md5_decrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); + +static mit_des_cblock zero_ivec = { 0 }; + +static krb5_cryptosystem_entry mit_des_md5_cryptosystem_entry = { + 0, + mit_des_md5_encrypt_func, + mit_des_md5_decrypt_func, + mit_des_process_key, + mit_des_finish_key, + mit_des_string_to_key, + mit_des_init_random_key, + mit_des_finish_random_key, + mit_des_random_key, + sizeof(mit_des_cblock), + RSA_MD5_CKSUM_LENGTH+sizeof(mit_des_cblock), + sizeof(mit_des_cblock), + ETYPE_DES_CBC_MD5, + KEYTYPE_DES + }; + +krb5_cs_table_entry krb5_des_md5_cst_entry = { + 0, + &mit_des_md5_cryptosystem_entry, + 0 + }; + + +static krb5_error_code + mit_des_md5_encrypt_func(DECLARG(krb5_const_pointer, in), + DECLARG(krb5_pointer, out), + DECLARG(const size_t, size), + DECLARG(krb5_encrypt_block *, key), + DECLARG(krb5_pointer, ivec)) +OLDDECLARG(krb5_const_pointer, in) +OLDDECLARG(krb5_pointer, out) +OLDDECLARG(const size_t, size) +OLDDECLARG(krb5_encrypt_block *, key) +OLDDECLARG(krb5_pointer, ivec) +{ + krb5_checksum cksum; + krb5_octet contents[RSA_MD5_CKSUM_LENGTH]; + int sumsize; + krb5_error_code retval; + +/* if ( size < sizeof(mit_des_cblock) ) + return KRB5_BAD_MSIZE; */ + + /* caller passes data size, and saves room for the padding. */ + /* format of ciphertext, per RFC is: + +-----------+----------+-------------+-----+ + |confounder | check | msg-seq | pad | + +-----------+----------+-------------+-----+ + + our confounder is 8 bytes (one cblock); + our checksum is RSA_MD5_CKSUM_LENGTH + */ + sumsize = krb5_roundup(size+RSA_MD5_CKSUM_LENGTH+sizeof(mit_des_cblock), + sizeof(mit_des_cblock)); + + /* assemble crypto input into the output area, then encrypt in place. */ + + memset((char *)out, 0, sumsize); + + /* put in the confounder */ + if (retval = krb5_random_confounder(sizeof(mit_des_cblock), out)) + return retval; + + memcpy((char *)out+sizeof(mit_des_cblock)+RSA_MD5_CKSUM_LENGTH, (char *)in, + size); + + cksum.contents = contents; + + /* This is equivalent to krb5_calculate_checksum(CKSUMTYPE_MD5,...) + but avoids use of the cryptosystem config table which can not be + referenced here if this object is to be included in a shared library. */ + if (retval = rsa_md5_cksumtable_entry.sum_func((krb5_pointer) out, + sumsize, + (krb5_pointer)key->key->contents, + sizeof(mit_des_cblock), + &cksum)) + return retval; + + memcpy((char *)out+sizeof(mit_des_cblock), (char *)contents, + RSA_MD5_CKSUM_LENGTH); + + /* We depend here on the ability of this DES implementation to + encrypt plaintext to ciphertext in-place. */ + return (mit_des_cbc_encrypt(out, + out, + sumsize, + (struct mit_des_ks_struct *) key->priv, + ivec ? ivec : zero_ivec, + MIT_DES_ENCRYPT)); + +} + +static krb5_error_code + mit_des_md5_decrypt_func(DECLARG(krb5_const_pointer, in), + DECLARG(krb5_pointer, out), + DECLARG(const size_t, size), + DECLARG(krb5_encrypt_block *, key), + DECLARG(krb5_pointer, ivec)) +OLDDECLARG(krb5_const_pointer, in) +OLDDECLARG(krb5_pointer, out) +OLDDECLARG(const size_t, size) +OLDDECLARG(krb5_encrypt_block *, key) +OLDDECLARG(krb5_pointer, ivec) +{ + krb5_checksum cksum; + krb5_octet contents_prd[RSA_MD5_CKSUM_LENGTH]; + krb5_octet contents_get[RSA_MD5_CKSUM_LENGTH]; + char *p; + krb5_error_code retval; + + if ( size < 2*sizeof(mit_des_cblock) ) + return KRB5_BAD_MSIZE; + + retval = mit_des_cbc_encrypt(in, + out, + size, + (struct mit_des_ks_struct *) key->priv, + ivec ? ivec : zero_ivec, + MIT_DES_DECRYPT); + if (retval) + return retval; + + cksum.contents = contents_prd; + p = (char *)out + sizeof(mit_des_cblock); + memcpy((char *)contents_get, p, RSA_MD5_CKSUM_LENGTH); + memset(p, 0, RSA_MD5_CKSUM_LENGTH); + + if (retval = rsa_md5_cksumtable_entry.sum_func(out, size, + (krb5_pointer)key->key->contents, + sizeof(mit_des_cblock), + &cksum)) + return retval; + + if (memcmp((char *)contents_get, (char *)contents_prd, RSA_MD5_CKSUM_LENGTH) ) + return KRB5KRB_AP_ERR_BAD_INTEGRITY; + memmove((char *)out, (char *)out + + sizeof(mit_des_cblock) + RSA_MD5_CKSUM_LENGTH, + size - sizeof(mit_des_cblock) - RSA_MD5_CKSUM_LENGTH); + return 0; +} diff --git a/src/lib/crypto/raw-des.c b/src/lib/crypto/raw-des.c new file mode 100644 index 000000000..73ae6e3c0 --- /dev/null +++ b/src/lib/crypto/raw-des.c @@ -0,0 +1,115 @@ +/* + * lib/crypto/des-crc.32 + * + * Copyright 1994 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +#include +#include +#include +#include + +#include "./des/des_int.h" + +static krb5_error_code mit_raw_des_encrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); + +static krb5_error_code mit_raw_des_decrypt_func + PROTOTYPE(( krb5_const_pointer, krb5_pointer, const size_t, + krb5_encrypt_block *, krb5_pointer )); + +static krb5_cryptosystem_entry mit_raw_des_cryptosystem_entry = { + 0, + mit_raw_des_encrypt_func, + mit_raw_des_decrypt_func, + mit_des_process_key, + mit_des_finish_key, + mit_des_string_to_key, + mit_des_init_random_key, + mit_des_finish_random_key, + mit_des_random_key, + sizeof(mit_des_cblock), + 0, + sizeof(mit_des_cblock), + ETYPE_RAW_DES_CBC, + KEYTYPE_DES + }; + +krb5_cs_table_entry krb5_raw_des_cst_entry = { + 0, + &mit_raw_des_cryptosystem_entry, + 0 + }; + +static krb5_error_code + mit_raw_des_decrypt_func(DECLARG(krb5_const_pointer, in), + DECLARG(krb5_pointer, out), + DECLARG(const size_t, size), + DECLARG(krb5_encrypt_block *, key), + DECLARG(krb5_pointer, ivec)) +OLDDECLARG(krb5_const_pointer, in) +OLDDECLARG(krb5_pointer, out) +OLDDECLARG(const size_t, size) +OLDDECLARG(krb5_encrypt_block *, key) +OLDDECLARG(krb5_pointer, ivec) +{ + return (mit_des_cbc_encrypt (in, + out, + size, + (struct mit_des_ks_struct *)key->priv, + ivec ? ivec : key->key->contents, + MIT_DES_DECRYPT)); +} + +static krb5_error_code + mit_raw_des_encrypt_func(DECLARG(krb5_const_pointer, in), + DECLARG(krb5_pointer, out), + DECLARG(const size_t, size), + DECLARG(krb5_encrypt_block *, key), + DECLARG(krb5_pointer, ivec)) +OLDDECLARG(krb5_const_pointer, in) +OLDDECLARG(krb5_pointer, out) +OLDDECLARG(const size_t, size) +OLDDECLARG(krb5_encrypt_block *, key) +OLDDECLARG(krb5_pointer, ivec) +{ + int sumsize; + + /* round up to des block size */ + + sumsize = krb5_roundup(size, sizeof(mit_des_cblock)); + + /* assemble crypto input into the output area, then encrypt in place. */ + + memset((char *)out, 0, sumsize); + memcpy((char *)out, (char *)in, size); + + /* We depend here on the ability of this DES implementation to + encrypt plaintext to ciphertext in-place. */ + return (mit_des_cbc_encrypt (out, + out, + sumsize, + (struct mit_des_ks_struct *)key->priv, + ivec ? ivec : key->key->contents, + MIT_DES_ENCRYPT)); +} + -- 2.26.2